Passwords and Passphrases

A great thing on generating passwords/phraseshttp://world.std.com/~reinhold/diceware.html

10 myths about security in the Windowed World.http://www.securityfocus.com/infocus/1554/

_____I personally prefer moderate strength for personal use. i.e. Only I'll be able to remember wth I was thinking when I made the pass. By the time some one could get close to cracking it I'd have checked my system logs or changed passwords. And last but not least: that it can be variated and subclassed creating a string of rememberable (to me) passwords derived from a base password to form a group to create a larger list of "random out of the box" passwords I can use for low inportance items.

Yep, thats not bad at all, unfortunately (or fortunately) i don't have any real need for such complicated passwords/passphrases.

I did think the point made in myth 7 was a bit pointless though

"You may want to consider allowing users to save passwords in software-based password storage utilities. These utilities allow a user to store many account passwords in one central location, locked with a master password. If you know the master password, you gain access to your entire list of passwords."

as surely the master password would have the same problem as the multiple passwords.

If i ever had the need to create a complex password, i don't know if i would trust the dice method either. Surely the diceware method could easily be incorporated into some form of password cracking software and so any information sufficiently important to be stored by such a "complex" password creater would be matched by high quality password cracking software that included an algorithm that would run through these possibilities.

Their is a program that can brute force crack passwords at very much faster rates. Via working smarter not harder.

The catch? If you use something with punch the program which I shall not name - does not support many non WinRelm methods.

Example typical FreeBSD password hash uses MD5, I use Blowfish which is probably military grade or close to it. The program in question could probably crack my pw fine if I used MD5, DES e.t.c. except it dosn't support blowfish ^_^

I'm not sure where Windows NT places it's keys, prolly the registory. FreeBSD, like any Unix that has grown up keeps them under very tight lock N key. I hope windows takes even half as much concern.